How to Make a Malicious USB and How to trick the victim to use it.

THIS VIDEO IS FOR EDUCATIONAL PURPOSES ONLY. IF ORDINARY CITIZENS UNDERSTAND HOW ONE MAY CIRCUMVENT THEIR SECURITY THEN THEY HAVE THE CHANCE TO PROTECT AGAINST SUCH SECURITY BREACHES. I TAKE NO RESPONSIBILITY FOR RECKLESS USE OF THE KNOWLEDGE IN THIS VIDEO.

video : HOW TO MAKE AN EVIL USB STICK

An Awesome explaination of BLOCKCHAIN (VIDEO PRESENTATION)

BLOCKCHAIN as a technology has been there with us since 2008 ,but we have tweeting and talking about it lately…

I have tried to explain the very Basics of BLOCKCHAIN in a video presentation .

Do share if you like it.

WHAT IS BLOCKCHAIN? VIDEO PRESENTATION

Cyber Wizard.

Using Kali Linux Lesson -1

Using Kali Linux Lesson -1

So you are using Kali Linux as the attack platform . Kali, the successor to the popular BackTrack Linux, is a Debian-based distribution that comes with a plethora of penetration testing tools preinstalled and preconfigured. Anyone who’s ever tried to set up a pentesting box from scratch the day before a big engagement knows that getting everything working correctly can be a real pain. Having everything preconfigured in Kali can save a lot of time and headaches. Kali Linux works just like the standard Debian GNU/Linux distribution, with a lot of extra tools.

Linux Command Line

The Linux command line looks like this:

As you can see, there’s not much in the root directory, only a folder
called Desktop.

The Linux Filesystem

In the Linux world, everything is a file: keyboards, printers, network
devices—everything. All files can be viewed, edited, deleted, created,
and moved. The Linux filesystem is made up of a series of directories
that branch off from the root of the filesystem (/).To see your current directory, enter pwd at the terminal:

Changing Directories

To move to another directory, enter cd directory using either the absolute or
relative path to the new directory, based your current location. The absolute
path is the path to a file in relation to the root directory (/).

For example, tochange to your desktop from anywhere, you could enter the absolute path to the desktop with : cd /root/Desktop to reach the root user’s desktop.

If you were in the directory /root (the root user’s home directory), you could use the relative path to the desktop (that is, relative to your current location) by
entering cd Desktop, which would also take you to the desktop.

Entering cd .. from root’s Desktop directory takes us back to root’s home directory. Entering cd ../etc from there moves us back up to the root of the
filesystem and then to the /etc directory.

Learning About Commands: The Man Pages

To learn more about a command and its options and arguments, you can
view its documentation (called its manual page, or man page) by entering mancommand. For example, to learn more about the ls command enter man ls as :

Creating a New File or Directory
To create a new, empty file called myfile, use the touch command.

Use ls to confirm that the new directory has been created, and then
change to mydirectory using cd.

Copying, Moving, and Removing Files
To copy a file, use the cp command as shown here :

Managing Installed Packages

On Debian-based Linux distributions such as Kali Linux, you can use the
Advanced Packaging Tool (apt) to manage packages.

To install a package,enter apt-get install package. For example, to install Raphael Mudge’s front end for Metasploit,Armitage, in Kali Linux, enter the following:

Processes and Services

In Kali Linux you can start, stop, or restart services using the service command. For example, to start the Apache web server, enter service apache2 start as shown next.

Managing Networking
You can use the ifconfig command to view network information as shown :

This was pretty much it for the first lesson. Stay tuned for the 2nd lesson.

Its all about getting your basics cleared.

Cyber Wizard

Risk Assessment by Sawan Bhan

The most commonly mixed up security terms are Threat, vulnerability, and Risk.

An asset is what we’re trying to protect.

A threat is what we’re trying to protect against.

A vulnerability is a weakness or gap in our protection efforts.

Risk is the intersection of assets, threats, and vulnerabilities.

A + T + V = R

That is, Asset + Threat + Vulnerability = Risk.

Risk is a function of threats exploiting vulnerabilities to obtain, damage or destroy assets.

It mainly consitst of the following steps:

  • Risks to which the organization is exposed: Every System has known (and also unknown) risks and vulnerabilities. Create a plan for how your organization will best handle this issues.
  • Risks that need addressing: Not all risks are equally likely to happen. Industrial espionage and theft are more likely than a tsunami damaging the server room in most regions.
  • Coordination with BIA: To make an intelligent decision about how to handle with risks you should conjunct the risks with the business impact analysis.

Computing Risk Assessment

Prioritizing is important! Not everything should be weighed evenly. Some risks can be accepted by the company, while other would be catastrophic. And some risks might not even have a likelihood of happening.

Risk Calculations

From what I gathered while studying there are three major components to calculate Risks:

  • ALE (annual loss expectancy) – How much money loss can you expect per year
  • SLE (single loss expectancy) – How much money loss can you expect from a “event”
  • ARO (annualized rate of occurence) – How often does an “event” occur per year (mostly intel gained from statistics and company history)

To calculate the ALE of a risk use this formula: SLE x ARO = ALE

Quantitative vs. Qualitative Risk Assessment

When making risk assessment you should always consider if the risk has qualitative or quantitative impact on the company.

If a company loses their customer database with contact information, history of past orders, charge numbers and so on it’s a quantitative loss, because they will lose money and business critical information. Whereas if the company loses images from a company event it might be hard for the employees etc, but they wont lose any “money” from it or lose business critical information. That’s qualitative loss.

quantitative: Money gets lost, qualitative: Sentimental valuables/ Reputation gets lost or damaged

Additional Risk Terminology

Term Meaning
Likelihood Possibility of threat initiation
Threat Vector Way in which an attacker poses a threat. From fake emails (phishing) to an unsecured hotspot
MTBF – Mean time between failures Measure of anticipated incidence of failure for a system or component. You should be prepared to replace or rebuild the system once every MTBF
MTTF – Mean time to failure Similar to MTBF, but for a nonrepairable system
MTTR – Mean time to restore/ repair How long will it take to be fixed if a failure occurs
RTO – Recovery time objective Maximum amount of time that a process/ system is allowed to be down with acceptable consequences
RPO – Recovery point objective What point needs to be restored (System Backup from two weeks ago or Backup from yesterday)

Acting on Your Risk Assessment

We have five possible actions that you can choose to follow:

But you must know the risk exists!

Action Meaning
Risk Avoidance Identifying a risk and making the decision not to engage any longer in the actions associated with that risk. Eg: Forbid any email attachments from entering the network
Risk Transference Split the burden of a risk by hiring an external party (usually an insurance company or security provider)
Risk Mitigation Reduce the chance of the risk happening (antivirus, user education, etc…)
Risk Deterrence Letting the enemy know the harm can come their way if they cause harm to you (Warning sings, prosecution policies on websites)
Risk Acceptance If the harm costs less than implementing any other option from above you do nothing about it.

Risks Associated with Cloud Computing

For the purpose of the CompTIA exam, cloud computing means hoting services and data on the Internet instead of hosting it locally. And there are three different ways of implementing cloud computing:

The risks involve the following:

  • Regulatory Compliance: Make sure that whoever hosts your data takes privacy and security as seriously as you do
  • User privileges: You won’t have the same contrl over user accounts in the cloud as you do locally.
  • Data Integrations/ Segregations: Sometimes multiple companies are using the same server. You should use encryption and set the right user permissions on your databases to prevent other companies to steal information.

Risks Associated with Virtualization

  • Breaking out of the virtual machine
  • Network and security controls can intermingle, which could lead to privilege escalation

Most virtualization vulnerabilities focus on the hypervisor. The Solution to most of these risks is to always have an up to date version and apply the most recent patches to the hypervisor (virtualbox, VMware, etc…)

Sawan Bhan

Cyber Wizard

How to become an Ethical Hacker (Beginners Guide)

Learning how to become an ethical hacker can be daunting at first. Every page tells you to know everything about everything or else you’ll be a script kiddie.

But that’s not true!

Follow this guide from top to bottom and you’ll find yourself in the infosec field sooner than you thought.

This is a long guide, so you might want to bookmark it, read on, apply the steps and come back later.

Why should you listen to me?

I’m an Information Security Professional who is pursuing MBA in (Information Security) from SYMBIOSIS CENTER OF INFORMATION TECHNOLOGY .
Over the years i have developed the skills of Vulnerability Assessment and Penetration Testing,Webapp Application Security,Network Security.

I’m not some faceless hacker telling you stuff. You can watch me introduce myself hehereon my youtube Channel :

CYBER WIZARD YOUTUBE CHANNEL

Become An Ethical Hacker

In order to become an ethical hacker, you’ll need to understand some things about everything and everything about something.

The key is to choose one topic you want to be very good at, and others you’ll just need to get the overall context.

So what do you need in order to become an ethical hacker?

Join The Community

Contrary to popular belief (ethical) hacking is a group activity. The first step you want to do, to become an ethical hacker is to join different communities.

Find a site, youtube channel or subreddit where people talk openly about exploiting hardware and software with the same enthusiasm as you. Then start reading, upvoting or whatever and someday make your own submissions to the community.

Learn To Google

Googling will turn out to be the most useful skill in your journey to become an ethical hacker. And this for two major reasons:

  • You’ll be on the edge of technology or scavenging through decades-old legacy stuff. You need to know how to gather and research for the things you don’t know.
  • If you encounter a problem chances are high, that another person already had that problem sometime in the past.

Learn about Security

You’ll need some basic knowledge about Security Concepts. The CompTIA Security+ course and exam offer good basic theories and concepts for beginners.

Do some hacking

What would a ethical hacker be, without hacking. Just ethical, I guess.

Do some applied hacking challenges online for free and legal. You can do this on sites like hacking-lab.com and other. You should know how to google by now, so use that skill to find hacking challenges online.

If you’re too afraid to try it, or too lazy for that matter, don’t worry.

I have a lot of content on my youtube channel, where I show how to solve such challenges. Here’s one for you to get started:

CTF WALKTHROUGH

These competitions usually are called CTF’s (Capture The Flag). The goal is to attack a vulnerable system and find a flag (password, file, anything) and disclose it.

Start by watching and reading a couple of Solutions to these challenges. But it’s important that you’ll start doing them one day.

Learn about systems

Learn about different OPERATING SYSTEMS and what makes them different (or equal). Then choose one OS you like and become a / superuser in it.

Some applicable steps to learn about systems:

  • Set up a service (like a webserver)
  • Start using virtual machines and install different OSes
  • Edit stuff in those virtual machines and see what happens
  • automate boring stuff using bash or another CLI
  • Try to fumble with configurations and look what happens
  • Read Documentations, Google Questions

Learn Some Coding

You don’t have to be a pro coder to become an ethical hacker, but you should be able to build a website or an app in order to destroy it later on.

The basic concept of many languages is the same. It’s the implementation that differs, sometimes even syntax.

There are a different couple of paradigm when it comes to Progamming like:

  • Functional
  • Object Oriented
  • Javascript (what the hell)
  • procedural
  • DataBases (SQL, Relational)
  • DataBases (NoSQL)

Choose 1-2 paradigms and learn them (via coding in different languages).

If you want to do some hardware/ reverse engineering C and assembly are your friends. They’re programming languages, but tend to be more “flexible” or prone to errors, since you have to do everything yourself.

I would start with C and then do some more coding with a higher-level language like C# or (ugh) Java.

You don’t have to be a perfect coder, you should be able to read between languages, fill the gaps with googling if necessary and most important: USE DEBUGGERS!

Learn How Networks work

Nothing goes anymore without some network things involved. Learn the basic concept of different protocols. Use your system knowledge to implement and configure Services.

Maybe do some socket programming in C or some web development, to understand how a basic network architecture works.

Focus on one particular subject you want to be good at (firewall config, socket coding, etc…) and become good at it.

Become an Ethical Hacker

If you’ve come this far, you should have a solid understanding on how computers, networks and programs work.

You’re able to fill missing gaps and learn new stuff fast using google. You should be able to write little scripts to automate tasks, know some basic concepts of networking and how a software works. You’ve even learned some things about hacking, on your road to here.

Now you need to learn about ethical hacking. This includes not only technical aspects but also things like:

  • How do I even start a Penetration Test
  • What tools are involved
  • What is ethical and what not?

These and more questions are going to be answered by my new series on YouTube

Have an Awesome time!!

Sawan Bhan(cyber wizard)

Design a site like this with WordPress.com
Get started